Dear Ilu,
It looks like I have touched a sensitive subject, sorry for that.
I was thinking *only* about the situation of a project without a formal organization behind it,
that does not have stable funding, developers doing their work mostly on volunteer basics.
Every single one of us knows such projects.
My impression was that this was the main subject that has been discussed over the last few days.
For me personally, it seems to put all the manufacturer obligations on those who use their
code in commercial products.
And I wasn't talking about the 'beta' versions. I was talking about the 'intended purpose' as in
Annex II.
I think that the 'intended purpose' has a big role to play, because this is the way I envisaged
use for educational software that contains security issues to be found and fixed by students.
And I have read the CRA multiple times.
Best regards,
Marta
Aaaaand we are back to the in-or-out discussion. :-(
A simple search through the CRA document would have led you to Art. 4
(3) - testing is ok "only for a limited period required for testing
purposes". The EU is not completely stupid.
I'd expect that everybody present here has read the CRA at least once.
Obviously not. I don't want to diss anybody personally but I'm really
frustrated.
This "Open Regulatory Compliance Working Group" consists, according to
their self-description (https://orcwg.org/), of
"Key stakeholders from industry and open source communities"
"collaborating to support compliance with government regulations,"
All I've seen so far is participants trying to find ways around said
regulation and contributing nothing but supposed "hacks" to avoid basic
supply chain security.
IMHO this paints a very bad picture of FOSS. Of course the CRA has some
more (partly rather stupid) requirements (mainly for manufacturers) but
the core of it is things which we should have done already anyways (and
which good projects are already doing).
I know I'm being controversial but I'm doing this on purpose in the
interest of our communities because I think this working group needs a
kick to get going. I'm still hopeful ...
No harm meant!
Ilu
Am 03.01.25 um 15:53 schrieb Marta Rybczynska via
open-regulatory-compliance:
> I'm wondering if there isn't an easier way out of it, for projects/people
> who are wondering
> if they are getting into the 'manufacturer' category.
>
> Every product under the CRA must have a scope in its documentation. And
> what if the scope
> says that it is only for testing/development purposes and should not be
> used in professional
> activities?
>
> Would that effectively transfer all the responsibility to the
> projects/companies using that module/
> library/program?
>
> That will work only if the original project does not do any 'direct
> monetization' .
>
> Kind regards,
> Marta
>
>
> _______________________________________________
> open-regulatory-compliance mailing list
> open-regulatory-compliance@xxxxxxxxxxx
> To unsubscribe from this list, visit https://accounts.eclipse.org
>